Risk Identification of Personally Identifiable Information from Collective Mobile App Data

1. A risk identification method for PII (Personally Identifiable Information) comprising: generating, via a computer device, a profiling chart for identifying an application having privacy permission for PII and PPII (Potential Personally Identifiable Information); collecting privacy permission of an application identified through the profiling chart using the computer device; identifying a first risk factor using the computer device based on total PPII collected by publisher of the application identified through the profiling chart; identifying a second risk factor using the computer device, wherein the second risk factor is based on total PPII collected by parent organization of the publisher; and determining total risk factor based on the first risk factor and the second risk factor, wherein the total risk factor is determined by the computer device.

2. The risk identification method of claim 1 , wherein the generating a profiling chart generates the profiling chart for identifying an application having privacy permission corresponding to dangerous permission among normal, signature, and dangerous permission which are three protection levels affecting third-party app data access and collections in Android OS.

3. The risk identification method of claim 1 , wherein the identifying a first risk factor determines the total number of PPII given to applications included in an application group by a first user of a set of users as the first risk factor for the first user.

4. The risk identification method of claim 1 , wherein the identifying a second risk factor determines the sum of the total number of PPII given to applications of the parent organization by the first user of the set of users and the total number of PPII given to applications of the publisher which is a sub-organization of the parent organization by the first user as the second risk factor for the first user.

5. The risk identification method of claim 1 , wherein the determining total risk factor determines the total risk factor based on error rate as the first risk factor, the second risk factor, and other influence factors.

6. A non-transitory computer readable recording medium in which a computer program for executing the method of claim 1 in a computer device is recorded.

7. A computer device comprising at least one processor implemented to execute a computer readable instruction, and wherein the computer device, by the at least one processor: generates a profiling chart for identifying an application having privacy permission for PII (Personal Identification Information) and PPII (Potential Personally Identifiable Information), collects privacy permission of an application identified through the profiling chart, identifies a first risk factor based on total PPII collected by publisher of the application identified through the profiling chart, identifies a second factor based on total PPII collected by parent organization of the publisher, and determines total risk factor based on the first risk factor and the second risk factor, wherein the total risk factor is determined based on error rate as the first risk factor, the second risk factor, and other influence factors.

8. The computer device of claim 7 , by the at least one processor, generating the profiling chart for identifying an application having the privacy permission corresponding to dangerous permission among normal, signature, and dangerous permission which are three protection levels affecting third-party app data access and collections in Android OS.

9. The computer device of claim 7 , by the at least one processor, determining the total number of PPII given to applications included in an application group by a first user of a set of users as the first risk factor of the first user.

10. The computer device of claim 7 , by the at least one processor, determining the sum of the total number of PPII given to applications of the parent organization by the first user of the set of users and the total number of PPII given to applications of the publisher which are sub-organizations of the parent organization by the first user as the second risk factor of the first user.